DB2 Vulnerable to Trend of Communication Protocol Flaws

October 02, 2006 -
E-mail and Web servers aren't the only ones that get slammed by denial of service and other types of attacks. Database servers, including DB2, are also vulnerable to malicious activity, and communication protocol vulnerabilities are a growing trend.

A data-security vendor recently discovered a communication protocol vulnerability affecting the z/OS version of the DB2 database. The Imperva Application Defense Center (www.imperva.com) reported to IBM that the vulnerability is in DB2 version 8's client-server protocol, called DRDA. The protocol is used to exchange information and commands between clients and servers. Imperva's Application Defense Center conducts research into database security issues and discovered this vulnerability as part of its inspection of database access protocols.